package cn.com.common.config;

import java.io.IOException;

import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.stereotype.Component;
import org.springframework.web.filter.OncePerRequestFilter;

@Component
public class AddResponseHeaderFilter extends OncePerRequestFilter {

	@Override
	protected void doFilterInternal(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse,
			FilterChain filterChain) throws ServletException, IOException {
		httpServletResponse.addHeader("Strict-Transport-Security", "value");
		httpServletResponse.addHeader("Referrer-Policy", "value");
		httpServletResponse.addHeader("X-Permitted-Cross-Domain-Policies", "value");
		httpServletResponse.addHeader("X-Download-Options", "value");
		httpServletResponse.addHeader("X-Content-Type-Options", "nosniff");
		httpServletResponse.setHeader("x-frame-options", "SAMEORIGIN");
		filterChain.doFilter(httpServletRequest, httpServletResponse);
	}

}
